Hi all,
I'm currently trying to setup a smartstore index using on-prem s3 compliant storage.
The logs I'm seeing in _internal related to the s3Client component are as follows:
statusCode=502 statusDescription="Error connecting: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.
My (slightly redacted) config for the bucket in indexes.conf is as follows:
[volume:primary]
path = /opt/splunk/var/lib/splunk
maxVolumeDataSizeMB = 500000
[volume:remote_store]
storageType = remote
path = s3://splunk-smartstore/netapp-smartstore
remote.s3.access_key = access key
remote.s3.secret_key = secret key
remote.s3.endpoint = https://s3-sgws.domain:8082
remote.s3.encryption = none
remote.s3.sslVerifyServerCert = false
[netapp_smartstore]
homePath = volume:primary/netapp_smartstore/db
coldPath = $SPLUNK_DB/netapp_smartstore/colddb
thawedPath = $SPLUNK_DB/netapp_smartstore/thaweddb
repFactor = auto
remotePath = volume:remote_store/netapp_smartstore/colddb
maxGlobalDataSizeMB = 1024
hotlist_recency_secs = 3600
hotlist_bloom_filter_recency_hours = 3600
frozenTimePeriodInSecs = 31536000
maxDataSize = auto
I have successfully setup smartstore with an AWS bucket, the only differences being that using the public aws endpoints, their certs are set up and correct (we do not have that on site, just using default certs, so I'm not sure exactly which cert to check with the openssl verify command). That and I'd actually created the folders/path within the bucket before initiating smartstore whereas with the on prem version I thought that the folders would be created on instantiation. Not sure how this second difference would create any ssl errors though. I would have also thought the setting of remote.s3.sslVerifyServerCert = false would remove the chance of any cert errors.
Anyone who's run into this and can offer any advice, it is most welcome.
... View more